Software application developers use a variety of techniques to protect their applications from unauthorized use and malicious attacks. One such technique includes modeling or matching up the potential security threats with corresponding solutions, for an application that is under development. Traditionally, an application developer models security threats by manually listing the potential security threats and manually listing solutions to address each security threat for that particular application. In some cases, an application developer will model security threats by himself/herself, while in other cases the application developer will assemble a team of software architecture, or other subject matter, experts to discuss potential security issues for application, and to identify solutions for addressing the potential security threats. However, manually modeling security threats may confine the protection to the extent of an application developer's working knowledge of security threats. Additionally, modeling security threats can be a time-consuming procedure that adds procedural burdens or distractions that are above and beyond the substantive need to develop the application itself.
What is needed is a method and system that enables automating threat model generation for application developers.